import CS crypto-policies-20240202-1.git283706d.el9

2024-03-28 09:58:36 +00:00 · 2024-03-28 09:58:36 +00:00 · 209406ce37
commit 209406ce37
parent e9b94e85dd
3 changed files with 36 additions and 6 deletions
--- a/.crypto-policies.metadata
+++ b/.crypto-policies.metadata
@ -1 +1 @@
-ebca51d3017ee207680f9ae109e49ed78e8f479b SOURCES/crypto-policies-git94f0e2c.tar.gz
+61d1e62750bb43415038892681dd29637832ee4d SOURCES/crypto-policies-git283706d.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/crypto-policies-git94f0e2c.tar.gz
+SOURCES/crypto-policies-git283706d.tar.gz
--- a/SPECS/crypto-policies.spec
+++ b/SPECS/crypto-policies.spec
@ -1,5 +1,5 @@
-%global git_date 20230731
-%global git_commit 94f0e2c4f7ebf2b1513b405d11227bae79ffe070
+%global git_date 20240202
+%global git_commit 283706dbc258f4ac0b19b3291bc18f9b691b222f
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}

 %global _python_bytecompile_extra 0
@ -31,18 +31,21 @@ Version:        %{git_date}
 Release:        1.git%{git_commit_hash}%{?dist}
 Summary:        System-wide crypto policies

-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 URL:            https://gitlab.com/redhat-crypto/fedora-crypto-policies
 # For RHEL-9 we use the upstream branch rhel9.
 Source0:        https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz

+%if 0%{?rhel} >= 10
+ExclusiveArch: %{java_arches} noarch
+%endif
 BuildArch: noarch
 BuildRequires: asciidoc
 BuildRequires: libxslt
 BuildRequires: openssl
 BuildRequires: nss-tools
 BuildRequires: gnutls-utils >= 3.6.0
-BuildRequires: java-1.8.0-openjdk-devel
+BuildRequires: java-devel
 BuildRequires: bind
 BuildRequires: perl-interpreter
 BuildRequires: perl-generators
@ -238,6 +241,33 @@ end
 %{_mandir}/man8/fips-finish-install.8*

 %changelog
+* Fri Feb 02 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240202-1.git283706d
+- fips-finish-install: make sure ostree is detected in chroot
+- fips-mode-setup: make sure ostree is detected in chroot
+- fips-finish-install: Create/remove /etc/system-fips on ostree systems
+- java: disable ChaCha20-Poly1305 where applicable
+
+* Mon Nov 13 2023 Clemens Lang <cllang@redhat.com> - 20231113-1.gite9247c2
+- fips-mode-setup: Fix test for empty /boot (RHEL-11350)
+- fips-mode-setup: Avoid 'boot=UUID=' if /boot == / (RHEL-11350)
+
+* Thu Nov 09 2023 Clemens Lang <cllang@redhat.com> - 20231109-1.git0ceff7f
+- Restore support for scoped ssh_etm directives (RHEL-15925)
+- Print matches in syntax deprecation warnings (RHEL-15925)
+
+* Wed Nov 08 2023 Clemens Lang <cllang@redhat.com> - 20231108-1.git994ae09
+- turn ssh_etm into an etm@SSH tri-state (RHEL-15925)
+- fips-mode-setup: increase chroot-friendliness (RHEL-11350)
+- fips-mode-setup: Fix usage with --no-bootcfg (RHEL-11350)
+
+* Mon Oct 16 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20231016-1.git77ceb0b
+- openssl: fix SHA1 and NO-ENFORCE-EMS interaction
+- bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx
+
+* Wed Sep 20 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230920-1.git8dcf74d
+- OSPP subpolicy: tighten beyond reason for OSPP 4.3
+- fips-mode-setup: more thorough --disable, still unsupported
+
 * Mon Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c
 - krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
 - FIPS: enforce EMS in FIPS mode